February 20, 2016 By Cindy Compert 3 min read

In Part I of this series, I discussed how data security and privacy best practices are similar to the children’s game “Treasure Hunt,” and I offered 10 tips for protecting your booty upon arrival at your tropical island. But what are you supposed to do before you even get there? Here are seven additional best practices on how to prepare.

1. Cash Is King

Before you set out on your journey, a visit to the king is in order to secure patronage. Have you identified your executive sponsor and associated budget? If not, you may find yourself lost at sea and unable to remain afloat.

2. Watch Your Ballast

Ballast is what provides stability for your ship. Too much and you risk sinking in rough seas. In data security, the equivalent of ballast is being weighed down by manual processes and tools that don’t meet your needs. Throw them overboard! Consider using automated methods to identify what’s important, such as data sources, files and databases.

3. Beware of Traitors

A traitor could derail your entire journey by giving up your position and sharing valuable information with pirates. No one wants to talk about rogue employees and the risk of insider threats. Nevertheless, we need to be thinking like pirates at all times and anticipating all possibilities. Activity monitoring is a good way to ensure that the crew doesn’t turn against you.

4. Avoid Mutiny

If you’ve ever seen “Mutiny on the Bounty,” you know what happens when a captain does not have the crew’s respect. Worse than a traitor, your very existence could be threatened.

Being a strong leader means being clear about your team’s roles and responsibilities with respect to data protection. Who administers the policies? What mechanisms do you have in place for approvals and escalations? Using a structured approach with built-in workflows means ensuring everyone signs off on exceptions.

5. Check the Weather Often

Back in the days of sail, both wind and weather made the difference between getting to your destination, going down with the ship or succumbing to illness and starvation. In data security and privacy, the weather is the prevailing regulatory environment.

With the EU-U.S. Privacy Shield potentially replacing Safe Harbor in addition to the new EU GDPR regulations taking effect in 2018, it’s critical to understand the changes on the horizon and to anticipate how those changes might impact your plans.

6. Always Be Prepared for Battle

Being prepared means having both detective and preventive measures in place. Do you have a lookout 24 hours a day? What if a ship approaches and the pirates try to board? In data security, you must observe all activity and have a plan in place to identify and then respond to unusual activity.

Sometimes those pirates are so tricky that they foil all our best defenses, such as blocking rogue SQL, alerting, etc. How do you detect unusual data access activity patterns? This is where machine learning comes in — applying cognitive computing techniques to identify that needle in the haystack.

7. One Man’s Trash Is Another Man’s Treasure

Be careful about how you dispose of your trash. If you drop it overboard, you will be leaving valuable clues for the pirates (in addition to being a polluter).

The same is true for removing old data. It needs to be disposed of in a manner that ensures it is no longer usable. Several recent breaches involved access to unneeded data that could have been either placed into a secure archive or disposed of entirely. Old data equals risk.

Learn more about securing the data that powers your business

More from Data Protection

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today